module Fog
module AWS
class IAM
class Real
require 'fog/aws/parsers/iam/upload_server_certificate'
# Uploads a server certificate entity for the AWS Account.
# Includes a public key certificate, a private key, and an optional certificate chain, which should all be PEM-encoded.
#
# ==== Parameters
# * certificate<~Hash>: The contents of the public key certificate in PEM-encoded format.
# * private_key<~Hash>: The contents of the private key in PEM-encoded format.
# * name<~Hash>: The name for the server certificate. Do not include the path in this value.
# * options<~Hash>:
# * 'CertificateChain'<~String> - The contents of the certificate chain. Typically a concatenation of the PEM-encoded public key certificates of the chain.
# * 'Path'<~String> - The path for the server certificate.
#
# ==== Returns
# * response<~Excon::Response>:
# * body<~Hash>:
# * 'Certificate'<~Hash>:
# * 'Arn'<~String> -
# * 'Path'<~String> -
# * 'ServerCertificateId'<~String> -
# * 'ServerCertificateName'<~String> -
# * 'UploadDate'<~Time>
# * 'RequestId'<~String> - Id of the request
#
# ==== See Also
# http://docs.amazonwebservices.com/IAM/latest/APIReference/index.html?API_UploadServerCertificate.html
#
def upload_server_certificate(certificate, private_key, name, options = {})
request({
'Action' => 'UploadServerCertificate',
'CertificateBody' => certificate,
'PrivateKey' => private_key,
'ServerCertificateName' => name,
:parser => Fog::Parsers::AWS::IAM::UploadServerCertificate.new
}.merge!(options))
end
end
class Mock
def upload_server_certificate(certificate, private_key, name, options = {})
if certificate.nil? || certificate.empty? || private_key.nil? || private_key.empty?
raise Fog::AWS::IAM::ValidationError.new
end
response = Excon::Response.new
# Validate cert and key
begin
# must be an RSA private key
raise OpenSSL::PKey::RSAError unless private_key =~ /BEGIN RSA PRIVATE KEY/
cert = OpenSSL::X509::Certificate.new(certificate)
chain = OpenSSL::X509::Certificate.new(options['CertificateChain']) if options['CertificateChain']
key = OpenSSL::PKey::RSA.new(private_key)
rescue OpenSSL::X509::CertificateError, OpenSSL::PKey::RSAError => e
message = if e.is_a?(OpenSSL::X509::CertificateError)
"Invalid Public Key Certificate."
else
"Invalid Private Key."
end
raise Fog::AWS::IAM::MalformedCertificate.new(message)
end
unless cert.check_private_key(key)
raise Fog::AWS::IAM::KeyPairMismatch.new
end
if self.data[:server_certificates][name]
raise Fog::AWS::IAM::EntityAlreadyExists.new("The Server Certificate with name #{name} already exists.")
else
response.status = 200
path = options['Path'] || "/"
data = {
'Arn' => Fog::AWS::Mock.arn('iam', self.data[:owner_id], "server-certificate/#{name}"),
'Path' => path,
'ServerCertificateId' => Fog::AWS::IAM::Mock.server_certificate_id,
'ServerCertificateName' => name,
'UploadDate' => Time.now
}
self.data[:server_certificates][name] = data
response.body = {
'Certificate' => data,
'RequestId' => Fog::AWS::Mock.request_id
}
end
response
end
end
end
end
end